From: Warner Losh
To: Peter Wemm
Cc: Poul-Henning Kamp, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
Date: Wed, 24 Nov 1999 09:12:02 -0700
Message-Id: <199911241612.JAA20799@harmony.village.org>
In-reply-to: Your message of "Wed, 24 Nov 1999 17:05:23 +0800." <19991124090523.9689C1C6D@overcee.netplex.com.au>
References: <19991124090523.9689C1C6D@overcee.netplex.com.au>

In message <19991124090523.9689C1C6D@overcee.netplex.com.au> Peter Wemm writes:
: For example, in "workstation" mode, the reasonable default is "open",
: because typically there is one user on the box (other than root) and that
: person has root access. Excessive hiding info from that user just means
: that they'll have to use root more, or will give up the idea of using a mortal
: user entirely and run everything as root (a Really Bad idea, think of Windoze
: and viruses etc etc).

True.

: In a dedicated server role, again it might be appropriate to default
: it to "open" (dedicated server being something like a squid box),
: again there will be a couple of sysadmin type users or people who
: have to monitor things. Hiding information gains nothing there
: either.
I disagree with this, but that is because I've rarely seen a totally dedicated server. A simple fileserver that does nothing else would want to be open in this respect since few people have accounts.

: In other roles, including something like a shell server box with presumably
: hostile users (you reasonably have to assume this), you want everything you
: possibly can to be locked down.

Firewall, dialup boxes, dns servers, etc are good candidates to be locked down.

: Oh for ACL's, privilege attributes, etc. It would solve this sort of thing
: nicely so that you could allow admin users to see what's going on
: (including a ps -ax and see what the users are running) without having to
: constantly (ab)use root and the dangers of overusing that.

sef suggested this be a procfs mount option. I think I like this more than the sysctl option, but I don't have a strong opinion either way (sysctl is more like most of the rest of the system, while a mount option would be harder to change on the fly). Having it be a mount option would make it possible to have a GID that the files are "owned" by that could be 'operator' so that operators can see the args, and possibly other things.

Warner
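The visibility policy the thread argues over (an "open" default for workstations and dedicated servers, "locked down" for shell servers, plus an operator GID that can see everyone's process args without root), modelled as one decision function. This is an added illustration, not code from FreeBSD or from anyone in the thread; the policy enum, `struct viewer` and `can_see_proc` are hypothetical names.

```c
#include <stdbool.h>
#include <stddef.h>
#include <sys/types.h>

/* Hypothetical model of the proposal discussed above (not FreeBSD code):
 * "open" lets every user see every process; "locked" restricts a user to
 * their own processes, except for members of a designated operator group. */
enum ps_policy { PS_OPEN, PS_LOCKED };

struct viewer {
    uid_t uid;
    const gid_t *groups;   /* supplementary groups of the user running ps */
    size_t ngroups;
};

static bool in_group(const struct viewer *v, gid_t g)
{
    for (size_t i = 0; i < v->ngroups; i++)
        if (v->groups[i] == g)
            return true;
    return false;
}

/* May `v` see process information (including args) for a process owned by
 * `target_uid`?  `op_gid` is the group granted operator visibility under the
 * locked policy; pass (gid_t)-1 when no such group is configured. */
bool can_see_proc(const struct viewer *v, uid_t target_uid,
                  enum ps_policy policy, gid_t op_gid)
{
    if (v->uid == 0)
        return true;                 /* root always sees everything */
    if (v->uid == target_uid)
        return true;                 /* one's own processes are never hidden */
    if (policy == PS_OPEN)
        return true;                 /* workstation / dedicated-server default */
    if (op_gid != (gid_t)-1 && in_group(v, op_gid))
        return true;                 /* operators see args without using root */
    return false;                    /* shell server: locked down */
}
```

The ordering matters: the operator-group check only widens the locked policy, so a misconfigured group can never hide a user's own processes or root's view.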